IT Director of Information Security

We're seeking an experienced cybersecurity leader to establish and mature our Information Security and Governance, Risk, and Compliance (GRC) program from the ground up. As our dedicated security leader, you'll have the unique opportunity to build a world-class security posture for a rapidly growing organization. This is a high-impact role where you'll architect a formal company-wide security strategy, lead critical compliance initiatives (SOC 2, HIPAA, FDA), develop enterprise-wide data governance frameworks, and build a team that protects our employees, patients, and business.

•Establish and execute a comprehensive information security strategy covering governance, risk, compliance, and cybersecurity operations

•Lead enterprise-wide risk management and reporting aligned with organizational risk tolerance

•Provide independent oversight of information security practices separate from day-to-day IT operations

•Serve as the organization's subject matter expert for information security and cybersecurity risk

•Deliver regular updates to Executive Leadership on security posture, emerging risks, and program maturity

•Develop, maintain, and enforce information security policies, standards, procedures, and supporting documentation

•Lead tech compliance efforts for SOC 2, HIPAA, and FDA regulatory requirements

•Manage third-party risk management efforts, including vendor security assessments and ongoing monitoring

•Conduct business impact analyses and maintain business continuity and disaster recovery planning initiatives

•Assess business risk and apply practical, risk-based security controls across the organization

•Lead and mentor a team of information security professionals to ensure consistent, high-quality security practices

•Oversee identity and access management, data protection, loss prevention, and security monitoring capabilities

•Direct incident response activities, including investigation, containment, remediation, and post-incident improvement efforts

•Manage and optimize security technology stack to strengthen organizational defenses

•Collaborate with Legal, Human Resources, Compliance, Facilities, and Executive Leadership to align policies and controls

•Drive organization-wide security awareness and training programs for employees and leadership

•Stay current on emerging threats, regulatory changes, and industry best practices through professional networks and ongoing education

•Bachelor's degree in information systems, computer science, business, or related discipline 

•Industry certifications such as CISSP, CISM, or CISA 

•8+ years of progressive experience in information security, risk management, or cybersecurity

•6+ years in a leadership or management role

•Expert knowledge of security frameworks and regulatory standards (ISO 27001, HIPAA, SOC 2)

•Extensive experience building and operating enterprise information security programs in regulated environments, preferably within pharmaceuticals, healthcare, or similar industries

•Expertise in governance, risk, and compliance (GRC) frameworks

•Deep knowledge of third-party/vendor risk management

•Proven incident response and threat management capabilities

•Experience designing and implementing security awareness and training programs

•Familiarity with security technologies such as firewalls, VPNs, access controls, and monitoring tools

•Ability to assess business risk and apply practical, risk-based security controls

•Proven ability to manage multiple initiatives, meet deadlines, and lead cross-functional collaboration

•Strong written and verbal communication skills with the ability to influence at executive levels

•Strategic thinker who can also execute tactically; Not afraid to get hands-on when needed